New user sign up using AWS Builder ID is currently unavailable on re:Post. To sign up, please use the AWS Management Console instead.
How can I update the cross-realm trust principal password for an existing Amazon EMR cluster?
2 minute read
0
I set up cross-realm trust with an Active Directory domain on a Kerberized Amazon EMR cluster. I need to change the principal password.
Resolution
Amazon EMR creates a krbtgt principal using the cross-realm trust principal password that you specify at cluster launch. This principal is stored in the key distribution center (KDC) on the master node. It looks similar to the following: krbtgt/ADTrustRealm@KerberosRealm
To update the cross-realm trust principal password:
List all principals to find the principal that you want to update (for example, krbtgt/MYADDOMAIN.COM@MYEMRDOMAIN.COM):
list_principals
Run the following command to update the password for the cross-realm trust principal. In the following example, replace krbtgt/MYADDOMAIN.COM@MYEMRDOMAIN.COM with your principal.